CyberSec.Space Logo
Back to CVE Browser

CVE-2019-17043

HIGH
7.8
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile5.18th
PublishedOct 14, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution.

Affected Platforms (CPE)

πŸ“¦
Bmc

Patrol Agent

= 9.0.10i

References & Advisories

πŸ”— https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalation
πŸ”— https://twitter.com/whira_wr
πŸ”— https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalation
πŸ”— https://twitter.com/whira_wr

Related Vulnerabilities

CVE-2011-097510.0

Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for ...

CVE-2008-598210.0

Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string ...

CVE-1999-080110.0

BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.

CVE-2019-83529.8

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the...